2.2 KiB
Deployer: deploy your shit and make it run
So lame to have to configure nginx, MySQL, and your filesystem to install a stupid Wordpress instance.
Deployer does my config for me like the slave it is.
All the configuration is defined in group_vars/all/vars.yml, go check.
Create a side group_vars/all/vault.yml for your secrets, and encrypt it with Ansible Vault:
ansible-vault encrypt group_vars/all/vault.yml
# other sub-commands: edit, decrypt...
I usually run the following command:
ansible-playbook --ask-vault-pass sites.yml -i inventory -v
Required packages on remote
Python modules:
- docker
- docker-compose
- pymysql
TODO: Ansible task to install that before the rest
Features
-
Creating Wordpress instances (yoohoo, da best)
- That send mail!!11!1!
- Supports existing and new installs
-
Creating Drupal instances
- Only existing ones (no new installs)
-
Create Gitea instances
- Nginx and docker-compose configurations
- Most of the work is by hand, because there is quite a lot of interaction between the host and the container (for forwarding ssh).
Does not support
-
Setting up the host
-
SSL certificate creation (bro, do it yourself!). That is:
# Make an nginx file for certbot cat << EOF > /etc/nginx/sites-enabled/yoursite.com server { listen 80; server_name www.yoursite.com yoursite.com; include snippets/letsencrypt.conf; } EOF nginx -t # Is everything alright? # If so, restart nginx service nginx restart # Create the certificate certbot certonly --webroot -w /var/www/letsencrypt -d yoursite.com -d www.yoursite.com # Remove the stupid file rm /etc/nginx/sites-enabled/yoursite.com service nginx restart
Misc
Ansible
-
You can create passwords/keys in templates using the following Jinja2 command:
{{ lookup('password', '/dev/null length=20') }}See https://docs.ansible.com/ansible/latest/plugins/lookup/password.html ans https://docs.ansible.com/ansible/latest/user_guide/playbooks_lookups.html
Useful SQL commands
select host, user, password from mysql.user order by user;
create user 'arvuhez'@'172.26.0.2' identified by 'kjhs';
grant all on arvuhez.* to 'arvuhez'@'172.26.0.2';
show grants for 'arvuhez'@'172.26.0.2';